3.8. Configuration File Example

The following is an example configuration file, interspersed with explanatory
text. It defines two databases to handle different parts of the X.500 tree;
both are BDB database instances. The line numbers shown are provided for
reference only and are not included in the actual file. First, the global
configuration section:

Line 1 is a comment. Line 2 includes another config file which contains core
schema definitions. The referral directive on line 3 means that queries not
local to one of the databases defined below will be referred to the LDAP server
running on the standard port (389) at the host root.openldap.org.

Line 4 is a global access control. It applies to all entries (after any applicable
database-specific access controls).

The next section of the configuration file defines a BDB backend that will
handle queries for things in the "dc=example,dc=com" portion of the tree. The database
is to be replicated to two slave slapds, one on truelies, the other on judgmentday. Indexes
are to be maintained for several attributes, and the userPassword attribute is to be protected
from unauthorized access.

Line 5 is a comment. The start of the database definition is marked
by the database keyword on line 6. Line 7 specifies the DN suffix for queries
to pass to this database. Line 8 specifies the directory in which the database
files will live.

Lines 9 and 10 identify the database "super user" entry and associated
password. This entry is not subject to access control or size or time limit restrictions.
Please remember to hash the rootpw using slappasswd.

Example: rootpw {SSHA}Jq4xhhkGa7weT/0xKmaecT4HEXsdqiYA
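The following is an added example, not part of the original guide or of OpenLDAP itself: it shows how an {SSHA} value like the one above is laid out (base64 of a 20-byte SHA-1 digest followed by the salt) and audits a slapd.conf for rootpw directives that are not salted hashes. The function names and the sample configuration are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os
import re

def make_ssha(password: bytes, salt: bytes = b"") -> str:
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = salt or os.urandom(8)
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def split_ssha(stored: str) -> tuple:
    """Return (digest, salt); reject anything that is not well-formed {SSHA}."""
    if not stored.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[len("{SSHA}"):], validate=True)
    if len(raw) <= 20:  # SHA-1 digest is 20 bytes; the remainder is the salt
        raise ValueError("missing salt")
    return raw[:20], raw[20:]

def check_ssha(stored: str, password: bytes) -> bool:
    """Recompute the salted digest and compare in constant time."""
    digest, salt = split_ssha(stored)
    return hmac.compare_digest(hashlib.sha1(password + salt).digest(), digest)

def audit_rootpw(conf: str) -> list:
    """Return (line number, finding) for each rootpw not stored as a salted hash."""
    findings = []
    for n, line in enumerate(conf.splitlines(), 1):
        parts = line.split(None, 1)
        if len(parts) != 2 or parts[0].lower() != "rootpw":
            continue
        value = parts[1].strip().strip('"')
        scheme = re.match(r"\{([^}]+)\}", value)
        if scheme is None or scheme.group(1).upper() == "CLEARTEXT":
            findings.append((n, "cleartext rootpw"))
        elif scheme.group(1).upper() in ("SHA", "MD5"):
            findings.append((n, "unsalted hash"))
    return findings

# Constructed sample, not the listing from this page.
SAMPLE_CONF = '''database bdb
suffix "dc=example,dc=com"
rootpw secret
database bdb
suffix "dc=example,dc=net"
rootpw {SSHA}Jq4xhhkGa7weT/0xKmaecT4HEXsdqiYA
'''
```

Running `audit_rootpw(SAMPLE_CONF)` reports only the cleartext directive on line 3; the {SSHA} value on line 6 passes.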

Lines 11 through 18 are for replication. See the Replication link for more information on these directives.

Lines 20 through 22 indicate the indexes to maintain for various attributes.

Lines 24 through 32 specify access control for entries in this database.
As this is the first database, the controls also apply to entries not held in any
database (such as the Root DSE). For all applicable entries, the userPassword
attribute is writable by the entry itself and by the "admin" entry. It may be used for
authentication/authorization purposes, but is otherwise not readable. All other attributes
are writable by the entry and the "admin" entry, but may be read by all users (authenticated or not).

The next section of the example configuration file defines another BDB database.
This one handles queries involving the dc=example,dc=net subtree but is managed by the same
entity as the first database. Note that without line 39, the read access would be allowed due
to the global access rule at line 4.